1 CLAIMS 

2 What is clamed is: 



3 1. An access management system for managing access to 

4 registrant data comprising: 

5 an authorization engine for controlling access to a 

6 registrant database storing registrant data including 

7 privacy data of a registrant and for controlling access to 

8 the registrant database by use of a prescribed privacy 

9 policy and condition data designated by the registrant, 

10 wherein the authorization engine includes an authori- 



11 zation judgment unit for deciding an access type from an 

12 access request received from outside and concerning the 

13 registrant data, for controlling reference to the registrant 

14 database based on the access request by use of access 

15 authorization data to be decided prior to the access request 

16 in connection with the access type. 



17 2. The access management system according to claim 1, 

18 further comprising: 

19 a preliminary calculation unit for calculating the 

20 access authorization data in advance; and 

21 a storage area for storing the access authorization 

22 data . 

23 3. The access management system according to claim 1, 

24 wherein the access authorization data comprises an 

25 identification value for executing access authorization 

26 which is generated in advance from the privacy policy and 

27 the condition data. 

28 4. The access management system according to claim 2, 
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1 wherein the access authorization data comprises a 

2 table which is generated in advance by use of the privacy 

3 policy and the condition data and is written in a format to 

4 exclude the access authorization data which are not accessed 

5 in response to any of the access type and the condition data 

6 designated by the registrant. 

7 5. The access management system according to claim 4, 

8 wherein the access authorization data further 

9 comprises an authorization list and a disapproval list. 

10 6 . An access management method for managing access to 

11 registrant data by use of a computer system, the method 

12 includes the steps of: 



13 causing an authorization engine to receive an access 

14 request from outside; 

15 causing the authorization engine to decide an access 

16 type from the access request; 

17 reading access authorization data to be decided prior 

18 to the access request in connection with the access type 

19 concerning the registrant data and comparing the access 

20 authorization data with the access type; and 

21 controlling reference to a registrant database associ- 

22 ated with the access request based on the comparison. 

23 7. The access management method according to claim 6, 

24 further comprising the step of: 

25 storing in a storage area the access authorization 

26 data including an identification value for executing access 

27 authorization created by a creation unit. 

28 8. The access management method according to claim 6, 

29 further comprising the step of: 

30 storing in a storage area access authorization data 
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1 including a table which excludes the access authorization 

2 data not accessed in response to an access type or the 

3 condition data designated by a registrant, by use of a 

4 privacy policy and condition data. 

5 9. The access management method according to claim 8, 

6 further comprising the step of: 

7 storing an authorization list and a disapproval list 

8 in the storage area in addition to the access authorization 

9 data . 

10 10. A computer-executable program for causing a computer to 

11 execute the access management method according to claim 6. 



12 11. A computer-readable recording medium storing the 

13 computer-executable program according to claim 10. 

14 12 . An access management system for managing access to 

15 registrant data through a network, comprising: 

16 a network; 

17 a registrant database connected to the network that 

18 stores the registrant data containing privacy of a 

19 registrant; 

20 an authorization engine connected to the network for 

21 controlling the access to the registrant database by use of 

22 an application execution unit for issuing an access request 

23 to the registrant database and by use of a given privacy 

24 policy relevant to the registrant data and condition data 

25 designated by the registrant upon receipt of an access 

26 request from the application execution unit; and 

27 a management server for generating access author iza- 

28 tion data to be decided prior to the access request in 

29 connection with an access type and for causing the authori- 

30 zation engine to use the access authorization data. 
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1 13. The access management system according to claim 12, 

2 wherein the authorization engine controls the access 

3 by use of the access authorization data including an identi- 

4 fication value, which is generated by use of the privacy 

5 policy and the condition data and includes an identification 

6 value for executing access authorization. 



7 14. The access management system according to claim 12, 



8 wherein the authorization engine controls the access 

9 by use of a table in a format arranged to exclude the access 

10 authorization data not accessed in response to any of the 

11 access type and the condition data designated by the regis - 

12 trant by use of the privacy policy and the condition data, 

13 and by use of the access authorization data including an 

14 access list and a disapproval list. 

15 15. An access controlling method for controlling a computer 

16 to manage access to registrant data through a network, the 

17 access management method comprising the steps of: 

18 causing an authorization engine to use access authori- 

19 zation data calculated in advance through the network; 

20 causing the authorization engine to receive an access 

21 request from outside to a registrant database storing the 

22 registrant data containing privacy of the registrant; 

23 deciding an access type upon receipt of the access 

24 request from the outside; and 

25 controlling the access to the registrant database by 

26 comparing the access type decided as described above with 

27 the access authorization data decided prior to the access 

28 request. 

29 16. The access management method according to claim 15, 

30 wherein the access authorization data are generated by 
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1 use of a privacy policy and condition data and includes an 

2 identification value for executing access authorization. 

3 17. The access management method according to claim 15, 

4 wherein the access authorization data includes a table 

5 in a format arranged to exclude the access authorization 

6 data not accessed in response to any of the access type and 

7 condition data designated by the registrant, an access list, 

8 and a disapproval list by use of the privacy policy and the 

9 condition data. 

10 18. An article of manufacture comprising a computer usable 

11 medium having computer readable program code means embodied 

12 therein for causing for managing access to registrant data 

13 by use of a computer system, the computer readable program 

14 code means in said article of manufacture comprising 

15 computer readable program code means for causing a computer 

16 to effect the steps of claim 6. 

17 19. A program storage device readable by machine, tangibly 

18 embodying a program of instructions executable by the 

19 machine to perform method steps for managing access to 

20 registrant data by use of a computer system, said method 

21 steps comprising the steps' of claim 6. 

22 20. A computer program product comprising a computer usable 

23 medium having computer readable program code means embodied 

24 therein for causing management of access to registrant data, 

25 the computer readable program code means in said computer 

26 program product comprising computer readable program code 

27 means for causing a computer to effect the functions of 

28 claim 1. 

29 21. A computer program product comprising a computer usable 



Docket KJusnbers JP920030041US1 



-51- 



medium having computer readable program code means embodied 
therein for causing management of access to registrant data 
through a network, the computer readable program code means 
in said computer program product comprising computer 
readable program code means for causing a computer to effect 
the functions of claim 12 . 
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